Merge "Add entry point to allow for oslo.policy CLI usage"
This commit is contained in:
commit
b3fbb03b81
@ -21,6 +21,9 @@ from oslo_policy import policy
|
||||
from mistral import exceptions as exc
|
||||
from mistral import policies
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
|
||||
_ENFORCER = None
|
||||
|
||||
|
||||
@ -84,6 +87,26 @@ def enforce(action, context, target=None, do_raise=True,
|
||||
)
|
||||
|
||||
|
||||
def get_enforcer():
|
||||
"""Entrypoint that must return the raw oslo.policy enforcer obj.
|
||||
|
||||
This is utilized by the command-line policy tools.
|
||||
|
||||
:returns: :class:`oslo_policy.policy.Enforcer`
|
||||
"""
|
||||
# Here we pass an empty list of arguments because there aren't any
|
||||
# arguments that oslo.config or oslo.policy shouldn't already understand
|
||||
# from the CONF object. This makes things easier here because we don't have
|
||||
# to parse arguments passed in from the command line and remove unexpected
|
||||
# arguments before building a Config object.
|
||||
CONF([], project='mistral')
|
||||
enforcer = policy.Enforcer(CONF)
|
||||
enforcer.register_defaults(policies.list_rules())
|
||||
enforcer.load_rules()
|
||||
|
||||
return enforcer
|
||||
|
||||
|
||||
def _ensure_enforcer_initialization():
|
||||
global _ENFORCER
|
||||
if not _ENFORCER:
|
||||
|
@ -47,6 +47,9 @@ oslo.config.opts.defaults =
|
||||
oslo.policy.policies =
|
||||
mistral = mistral.policies:list_rules
|
||||
|
||||
oslo.policy.enforcer =
|
||||
mistral = mistral.api.access_control:get_enforcer
|
||||
|
||||
mistral.actions =
|
||||
std.async_noop = mistral.actions.std_actions:AsyncNoOpAction
|
||||
std.noop = mistral.actions.std_actions:NoOpAction
|
||||
|
Loading…
x
Reference in New Issue
Block a user